Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label UAE. Show all posts
Vulnerabilities and Exploits
Cyber Breach Cyberattacks CyberCrime Cybersecurity Cyberthreats Security Breach Software update UAE Vulnerabilities and Exploits

Security Advisory: Protecting Mobile Devices for UAE Residents

 


In a security update released by Microsoft on Thursday, 61 high-risk vulnerabilities, including critical ones, were addressed. The cyber threat actor may be able to exploit some of these vulnerabilities to gain control of a computer that has been affected. To prevent the breach or leak of information or personal data, UAE Cyber Security Wednesday advised users to implement Microsoft updates. 

The UAE authorities have emphasized the importance of heightened awareness of the vulnerability of their devices and the need for proactive measures to combat it. As the digital world is increasing, it has become increasingly important to secure users' mobile devices to ensure that they are protected against potential risks.

By taking proactive steps, residents can mitigate these threats and protect their data. The Cyber Security Council has provided a real-life example to educate residents regarding the dangers posed by online disrupters. A report issued by the UAE Cyber Security Council and CPX Holding jointly published in 2024 on UAE's cybersecurity highlights a worrying reality. 

There are currently 155,000 cyber assets in the UAE that are vulnerable, with over 40 per cent of them over the age of five. In light of the escalating cyber threats, including sophisticated attacks such as ransomware, the need for advanced cybersecurity measures is urgent, particularly now that the nation has faced an increase in cyberattacks. 

In general, software updates are not thought to be solely relevant to smartphones. However, they play an important role in ensuring security across all types of devices and applications - computers, tablets, smart appliances and even wearables - as well as ensuring security and protecting the user's data. It is imperative to keep devices up to date to ensure security and safeguard them, particularly when they are intertwined with a variety of aspects of life for users.

Users who prefer to update their devices and apps via Wi-Fi might want to set a reminder for when they need to update their apps so they don't have to consume their data plan while doing so. Tips for making updating software a more secure decision: 

To ensure that the data is protected, it is important to periodically update your device's operating system and applications. Ensure that you are up-to-date on software updates from the appropriate source to avoid cyber attacks. Back up important files to prevent losing updates. Ensure that automatic updates are enabled on the device so that manual intervention is minimized. It is important to consider updates for all devices, including smartphones, laptops, wearables, and tablets, when updating software and apps.
Read more »
UAE
Business Safety Cyber Security Insider Threats Malicious Activities UAE

Cybersecurity Incidents are Rapidly Increasing in UAE

 

The majority of businesses in the United Arab Emirates experienced a cybersecurity issue at some point in the last two years. 

According to Kaspersky data, 87% of UAE businesses have experienced different kinds of cyber attacks over the past two years. However, 25% of those cybersecurity incidents were caused by malicious behaviour on the part of their employees. 

Growing concern about malicious insider threats

Employees engaging in malicious online activities are becoming a serious concern for businesses across all industries, with Kaspersky identifying them as "the most dangerous of all employees who can provoke cyber incidents."

Kaspersky claims a number of factors encourage individuals to engage in illicit activities against their employers, including understanding their firm's IT and cybersecurity infrastructure, access to the company network, and taking advantage of colleagues' knowledge to launch social engineering attacks.

Jake Moore, global security advisor at ESET, concurs that malicious insider threats are "a significant worry" for businesses, but he emphasises that "humans also carry an accidental risk in business situations." 

He further elaborates: "Accidental threats might include employees inadvertently bringing in malware or enabling data leakage, which can often be mitigated with annual and ad hoc training programs for all staff.”

Although UAE-based companies are facing high levels of cybercrime, which includes 66% experiencing data breaches, the problem is not getting any better.

A previous Kaspersky study, published in December 2023, found that 77% of APAC companies lack the tools required to detect cyberattacks. Meanwhile, 87% of businesses have a cybersecurity talent shortage, making it more difficult to halt cyber criminals in their tracks.

Security officials in the UAE have previously struggled to maintain safe remote access to employee and corporate-owned devices, according to Mohammed Al-Moneer, Infoblox's regional senior director for META. He stated that firms are concerned about data leaks and cloud attacks "and do not believe they have a firm handle on the insider threat." 

Merely 15% of participants in the UAE, according to the Infoblox report, feel that their company is equipped to protect its networks against insider attacks. 

Gopan Sivasankaran, general manager of Secureworks' META region, explained that the UAE's thriving digital economy and increased use of data make it an "attractive" target for both hacker groups and hostile states. 

"The insight from the incident response engagements and active attacks on businesses we've worked on in the Middle East over the last year show organisations in the UAE have been victims to large scale wiper attacks as well as nation-state sponsored attacks," he said.
Read more »
UAE CISO
CISOs Cyber Security Cyberattacks security leaders UAE UAE CISO

UAE CISOs Highlights their Rampant Gaps in Cybersecurity


A majority of security leader based in the United Arab Emirates (UAE) are convinced that their firms require improvements – in terms of how their teams, processes and technology operates – to mitigate any potential cyberattack.

To provide insight into the challenges faced by CISOs following a breach, cybersecurity firm Trellix surveyed over 500 security executives globally, revealing strategic analysis, eye-opening data, and practical viewpoints. 

In their analysis, the Trellix researchers revealed that 96% of CISOs (who have suffered at least one security incident) believe in the need for improvements. However, 52% of the respondents claim that their organizations have meagre to no technical knowledge on how to tackle challenging security incidents. 

Reliance on Manual Processes

According to the aforementioned survey, 48% of security leaders believe that their organizations are majorly based on manual processes, which eventually makes it more difficult to identify and fix cyberattacks quickly.

Moreover, 44% of respondents attribute the inability to tackle cybercrime to inadequately documented and executed procedures, while 44% caution that disjointed security controls result in a deficiency of context.

According to Jake Moore, global cybersecurity adviser at ESET, better investment in security is significantly crucial for companies, taking into account the increased sophistication in cyber activities.

"Furthermore, now with the introduction of AI threats we are seeing cyberattacks become even more relentless and powerful[…]Companies need to bear in mind that the cost of recovery from an attack usually outweighs the cost of preventive security measures,” he says.

Mind the Gaps

Organizations find it challenging to identify and address cybersecurity problems due to a lack of technological resources, but it can also be challenging when security professionals are overworked or underequipped. More than half of those surveyed (52%) said that their organization's security problems were caused by vulnerabilities in their security capabilities.

However, nearly half of the respondents that they had not properly enabled their detection policies or configured their IT stacks. Forty percent more claimed that their security and IT systems do not provide "adequate visibility" of occurrences.

Moore further warns, "Neglecting cybersecurity in terms of the people and process can leave a business dangerously exposed to preventable or mitigable attacks with potentially severe consequences."  

Read more »
UAE
Cyber Security Cybersecurity Attack Data Theft Phishing Attacks PostalFurious UAE

'PostalFurious' SMS Attacks Target UAE Citizens for Data Theft


The United Arab Emirates has recently become a target of SMS campaigns that seek to deceive residents and extract their personal and payment information. This particular campaign, known as PostalFurious, initially targeted individuals in the Asia-Pacific region before expanding its reach to the UAE. It operates by impersonating postal services, using SMS messages to deceive unsuspecting victims into revealing sensitive data.  

The investigations carried out by Group-IB have linked both campaigns to a phishing ring called PostalFurious, known for its Chinese-speaking language. This group, active since 2021, possesses the capability to swiftly establish extensive network infrastructures, frequently changing them to evade detection by security systems. 

Additionally, the group employs access-control techniques to bypass automated detection and blocking mechanisms. Also, the evidence suggests that PostalFurious operates on a global scale, extending its activities beyond the Middle Eastern initiative under scrutiny. 

As part of this campaign, fraudulent SMS messages are being used to gather payment details by deceiving recipients into believing they need to pay fees for tolls and deliveries. The URLs included in these text messages direct individuals to counterfeit payment pages adorned with the logos and names of well-known postal service providers in the country. 

Since April 15 of this year, the scam SMS messages have been distributing shortened URLs that lead to counterfeit payment pages. Initially, the campaign impersonated a UAE toll operator, but on April 29, a new version was launched, this time mimicking the UAE postal service. Interestingly, the phishing domains for both versions were hosted on the same servers. The SMS messages were sent from phone numbers registered in Malaysia and Thailand, along with email addresses via iMessage. 

These pages illicitly request personal information, including names, addresses, and credit card details. Notably, the phishing pages can only be accessed from IP addresses located within the UAE, further targeting residents of the country. 

Anna Yurtaeva, a senior cyber investigation specialist at Group-IB's Digital Crime Resistance Center in Dubai, has confirmed that the group is exclusively targeting members of the public. Previously the group victimized users of Singapore and Australia

"They launch widespread SMS phishing campaigns, and we are aware of cases where messages have been sent to UAE residents who are not users of the services. From our analysis of the source code and infrastructure of the PostalFurious website, we see that the gang aims to steal payment credentials and personal data from victims," she said. 

Data Theft: Significance, Impacts, and Consequences 

The Significance of Data Theft: 

  • Primary Driver: Corporate data theft stems primarily from the pursuit of financial gain, accounting for a minimum of 86% of breaches. 
  • Exploiting Weaknesses: Attackers exploit security vulnerabilities by stealing and selling data to other malicious actors, maximizing their gains. 

Impacts on Businesses: 

  • Costly Breaches: Data breaches incur substantial costs, with the average breach exceeding $1.2 million in 2018, indicating a 24% increase from the previous year. 
  • Small Business Vulnerability: Smaller organizations with limited resources face heightened risks, as 60% of them go out of business within six months of an attack. 

Broader Consequences: 

  • Ransomware Extortion: Cybercriminals may hold an organization's data hostage, with paying the ransom not guarantee a resolution. 
  • Expensive Recovery: Data recovery and system patching post-breach entail significant expenses. 
  • Reputational Damage and Customer Loss: Data theft leads to customer attrition, while brands with a history of breaches struggle to attract new business. 
  • Legal Liabilities: Mishandling of data exposes companies to potential lawsuits from affected customers. 
  • Downtime and Reduced Productivity: Breaches render systems unusable, causing downtime and hampering employee productivity. 
  • Regulatory Penalties: Non-compliant organizations face substantial financial penalties for failing to meet security mandates. 
In a new development, it was discovered not only PostalFurious but there is also another campaign with a similar theme that has emerged. Referred to as "Operation Red Deer," is designed to specifically target Israeli engineering and telecommunications companies. The campaign involves a persistent stream of phishing messages that skillfully impersonate Israel's postal service, adding to the credibility of the attacks. These ongoing events highlight the need for robust mechanisms and quick responses. 
Read more »
UAE
BitLicense CoinDesk CoinMENA crypto regulation cryptocurrency Cyber Security Licensing Licensing regulations UAE

Dubai's Crypto Industry Introduces New Licensing Regulations


The crypto industry in Dubai is witnessing a huge breakthrough since the jurisdiction has recently come up with its new crypto regulatory framework, apparently providing individuals with a concrete licensing regime for their digital asset issues and service vendors. 

The framework was developed in response to the collapse of the cryptocurrency markets in 2022, which caused authorities worldwide to step up their efforts to establish or enforce protections and left businesses and investors worried about the future of cryptocurrencies. 

These new regulations involve the authorities seeking necessary permits and licenses in order to provide users with one or more crypto-related services in Dubai. The framework is accompanied by seven activity-based rulebooks that specify standards based on the type of service supplied and four mandatory rulebooks for service providers, which Talal Tabbaa, founder of the regional cryptocurrency exchange CoinMENA, hailed as being "elegantly designed."  

Dubai is one among the seven emirates of the United Arab Emirates with a goal to emerge as a global hub for crypto and blockchain activities, and in order to accomplish this it was courting companies to systemize the jurisdiction even before publishing its strategized rules for the sector. 

In the wake of the new rules being published, the institutional crypto custody provider Hex Trust became one of the first to receive an operational green light from the emirate's watchdog, the Virtual Asset Regulation Authority. Stating the time before VARA, which was established in 2022, Mohamed Reda El Sheikh, head of compliance at Hex Trust for the Middle East and North Africa (MENA) says "We were waiting for a licensing framework. We were waiting for somebody with interest to take the responsibility." 

However, these new regulations set up by Dubai are still a work in progress, because of their comprehensive nature, which allows for potential development. The emerging hub's new regulatory structure also reveals the expense of compliance in the area, which may make it more difficult for start-up businesses to locate there. 

While Tabbaa called the licencing costs "peanuts" when compared to other operating costs like hiring staff or maintaining offices locally, and compliance fees are not something crypto companies focus on when looking to enter a market, even he acknowledges that some of Dubai's fees can be viewed as being on the expensive side. 

A company seeking to provide exchange services is required to pay an application cost of 100,000 UAE dirham (US$27,200) and an annual supervision fee that is double that amount, says the document. The application fee does not guarantee acceptance, and if the business wishes to provide additional services such as custody, lending, or payments, it must submit additional licensing applications (at a 50% reduction off the application charge) and pay additional monitoring fees. 

For comparison, the application fee in Abu Dhabi, another emirate of the UAE, is $20,000, while the yearly monitoring fee is $15,000. However, the Abu Dhabi Global Market (ADGM) stated in an email to CoinDesk that goes up if businesses seek to provide additional kinds of assets. 

“Apart from any tokenized securities, under ADGM’s regulations, any crypto exchange that operates a spot or derivative market in relation to virtual assets (which include cryptocurrencies such as bitcoin and ether) will have to apply for a Multilateral Trading Facility license,” the ADGM said. Companies that are likely to operate MTFs must pay an application fee of $125,000 and an annual supervision fee of $60,000. 

In Singapore, crypto exchanges that are not involved in fiat currencies usually apply for a Major Payments Institution license (for digital payment token service), which comes with a 10,000 Singapore dollar ($7,500) annual fee. Wherein, New York's BitLicense comes with a $5,000 application fee, although companies have reported bearing a cost of around $100,000 for time allocation, and legal and compliance fees. 

Dubai’s fees, on the other hand, are much more reasonable for larger companies. Although, it may not be very sustainable for startups, says Irina Heaver, a crypto lawyer based in the UAE. 

“However, I fully agree that Dubai needed to step up and to regulate the space, with so many bottom feeding scammers trying to establish here, enough is enough. Hopefully, these regulations will be used to really target those bad players,” Heaver said.  

Read more »
User Security
Cyber Security Data Theft Social Media threats UAE User Privacy User Security

UAE's Sincere Efforts to Combat Cybercrime

 

The Abu Dhabi Judicial Department (ADJD) held an awareness-raising lecture on "Cybercrime and its Dangers to Society" in conjunction with "Majalis" Abu Dhabi at the Citizens and Community Affairs Office of the Presidential Court as part of its initiatives to foster legal awareness among the constituents of society in order to ensure their protection and to shield them from the risks conveyed by crimes involving the use of contemporary technologies and social media. 

The lecture, delivered by Chief Prosecutor Dr. Abdulla Hamad Al Mansouri, covered the nature and definition of cybercrime, the risks of cyber-extortion, and the legal sanctions. The lecturer also concentrated on the reasons and circumstances that cause members of society to fall victim to cyber-extortionists and provided a number of useful examples drawn from actual prosecution cases. 

In accordance with the terms of Federal Decree-Law No. 34 of 2021 on Combating Rumors and Cybercrime, Dr. Al Mansouri covered the dangers linked with the exploit of social media networks and the responsibility of users. On January 2, 2022, the Federal Decree Law No. 34 of 2021 on Combating Rumors and Cybercrimes went into effect.

It aims to increase protection against online crimes committed using networks, platforms, and information technology. Additionally, it aims to protect the databases and websites of the UAE's government, stop the spread of rumours and false information, protect against electronic fraud, and uphold individual rights and privacy. 

The Abu Dhabi Judicial Department has previously drawn attention to the risks posed by cybercrime. In order to ensure the defence and safety of society from crimes utilising modern technologies, particularly through the pervasive use of social media, the ADJD organised two lectures on "Cybercrime and its Risks to Society" in July of last year. One occasionally comes across news of people who fall prey to online predators or scammers; even children are a target of these crimes. 

The Dubai Police General HQ has urged the public to use social media platforms responsibly and to be on the lookout for online scammers and cybercriminals. These statements were made by Expert Major General Khalil Ibrahim Al Mansouri, Assistant Commander-in-Chief for Criminal Investigation Affairs at Dubai Police, as he discussed Operation "Shadow," which was carried out nearly three years ago and resulted in the arrest of 20 African gangs for extortion crimes against social media users and for blackmailing and cyber extortion. He added that the police had detained a married couple who had fooled users of social media by pretending to be a domestic helper recruitment agency. 

The world's largest trade fair for safety, security, and fire protection, Intersec 2023, will take place over 47,000 square metres at the Dubai World Trade Center from January 17 to 19, and the Dubai Electronic Security Centre (DESC), which works to ensure the emirate becomes a leader in cybersecurity and the protection of information from external cyber threats, has been named the official government partner. 

At Intersec's Cyber Security sector, specialists in the public and private sectors, national leaders, advisors, economists, and corporate buyers will be present. According to Dr. Bushra Al Blooshi, Head of Research & Innovation at DESC, "Given the rapidly developing technology of today, cybersecurity is an absolute necessity for businesses, especially with remote working culture and digital transformation."
Read more »
UAE
cryptocurrency digital currency Dubai DubaiCoin Technology UAE

DubaiCoin: Dubai's First Cryptocurrency Rose Over 100% Since its Debut

 

Dubai appears to have developed its own cryptocurrency, known as the DubaiCoin (DBIX). It is established on a public blockchain, which means that anyone can mine DBIX to generate their own.  

On May 27, around 4 p.m. IST, it was trading at roughly $1.13, up from the original price of $0.17. According to Crypto.com, the price of the cryptocurrency has increased by over 1000 percent in the last 24 hours.

The city of Dubai, on the other hand, issued a statement late last night denying this According to the official Dubai Media Office, “Dubai Coin cryptocurrency was never approved by any official authority. The website promoting the coin is an elaborate phishing campaign that is designed to steal personal information from its visitors.”

Arabianchain Technology, based in the United Arab Emirates (UAE), claimed to be the first public blockchain in the Arabic world when it introduced cryptocurrency. In a press release, the company stated, “DubaiCoin will soon be able to be used to pay for a range of goods and services both in-store and online, with the clear intention for the coin to be used in place of traditional bank-backed currencies. Circulation of the new digital currency will be controlled by both the city itself and authorized brokers.” 

The United Arab Emirates is regarded as being a safe place for cryptocurrency investors but the Dubaicoin, on the other hand, would be distinct from other cryptocurrencies. While mining should make it fairly volatile, and as it is built on a public blockchain, it's unclear what Arabchain means when it says the city of Dubai is regulating its pricing. If the coin replaces (or operates interchangeably with) the Dirham inside the UAE, it may qualify as a central bank digital currency (CBDC). 

Being located in Dubai should provide the coin some stability since Dirham is always stable versus the dollar because of specific international treaties between the two countries. 

Although the Dubaicoin is not exactly CBDC, it is the closest thing to China's official digital Yuan, which is now being tested in the country. Countries such as the United States, India, the United Kingdom, and the European Union are considering digital versions of fiat currencies.
Read more »
UAE
Cyber Attacks Iran Middle East UAE

UAE Faces Cyber Pandemic, Cyberattacks In The Middle East On The Rise


The Middle East is suffering a "cyber pandemic" crisis due to coronavirus-themed cyberattacks on the rise this year, says Mohamed al-Kuwaiti, United Arab Emirates government's cybersecurity chief. Moving into a full online life, UAE witnessed an increase in cyberattacks, he further says. The UAE saw a record 250% increase in cybersecurity attacks in 2020. The pandemic compelled companies across the globe to look inside assess their assets, as criminal actors preyed on the digital world. 

"Al Kuwaiti said discussions were ongoing regarding lifting the ban on some Voice over Internet Protocol (VoIP) services in the UAE, such as WhatsApp and FaceTime calling," reports CNBC. Al Kuwaiti says that UAE became a primary target of attacks by the activists when it recently tied formal relations with Israel. Criminals targeted health and financial sectors in particular. The news provides a more in-depth insight into the troublesome cybersecurity challenges UAE and Middle East faces. In these regions, cyberattacks and breaches are prospering; most of these state-sponsored and undetected. According to Al Kuwaiti, various sources were behind this attack. Although the attacks come from all over the region, the main actor is Iran, he says. 

The issue reveals ongoing tension in the area, whereas Iran says that it is a target of cyberattacks. However, the Iranian foreign ministry has not offered any comments on the issue. Al Kuwaiti says that "phishing" and "ransomware" attacks are on the rise; these attacks have become more sophisticated and frequent. In a phishing attack, the hacker pretends to be a legitimate person or entity and steals sensitive information from the victim. Whereas in a ransomware attack, the hacker blocks access to information and demands a ransom from the victim. 

The latest research by cybersecurity firm TrendMicro says government IT infrastructures and critical public systems have become one of the primary targets of hackers globally, with ransomware attacks in the trend. According to the report, "current malicious actors have opted to demand heftier ransoms from targets that are more likely to pay, such as healthcare companies and local governments."
Read more »
Subscribe to: Posts (Atom)